为什么在{%csrf_token%}存在时出现以下错误?
禁止(403) CSRF验证失败。请求中止。
这是我使用的示例视图,这么久。
view.py
def editModel(self,request, offset):
if 'user' in request.session :
user = request.session['user']
if request.method == 'POST':
if 'editModel' in request.POST:
offset = int(offset)
fields = ProfilModel.objects.filter(name=user)
workingModelsFiles = WorkingWithModelsFiles()
listModel = workingModelsFiles.getCurrentModel(user, offset)
modelView = self.listModels(user)[offset-1]
loadModels = "document.getElementById('x3dElement" + str(offset) + "').runtime.showAll();"
params = {'id ': offset,
'userName' : request.session['user'],
'surname' : fields[0].surname,
'listModel': listModel,
'model': modelView,
'bodyLoadModels': loadModels
}
params.update(csrf(request))
return render_to_response('editModel.html', params)
else:
offset = int(offset)
fields = ProfilModel.objects.filter(name=user)
workingModelsFiles = WorkingWithModelsFiles()
listModel = workingModelsFiles.getCurrentModel(user, offset)
modelView = self.listModels(user)[offset-1]
loadModels = "document.getElementById('x3dElement" + str(offset) + "').runtime.showAll();"
params = {'id ': offset,
'userName' : request.session['user'],
'surname' : fields[0].surname,
'listModel': listModel,
'model': modelView,
'bodyLoadModels': loadModels
}
params.update(csrf(request))
return render_to_response('editModel.html', params)
else:
return HttpResponseRedirect("/login/")
它存在于模板{%csrf_token%}中,但又在csrf上给我一个错误
template.html
......
<div class="tab_container">
<div id="tab1" class="tab_content">
<table class="tablesorter" cellspacing="0">
<tbody>
<form action="{% url 'edit_model' listModel.0.id_model %}" method="post" >
{% csrf_token %}
{% for item in listModel %}
<tr>
<td rowspan="3" style="width: 300px;"> {{ model | safe }} </td>
<td> Name Model: <i><input class="text_field" type="text" id='id_Model' name="Model" value="{{ item.modelName }}" /> </i> </td>
</tr>
<tr>
<td> Author: <i> <input class="text_field" type="text" id='id_Author' name="Author" value="{{ item.author }}" /> </i> </td>
</tr>
<tr>
<td> <input type="submit" name="editModel" value="Edit" /> </td>
</tr>
{% endfor %}
</form>
</tbody>
</table>
</div><!-- end of #tab1 -->
.......
settings.py
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
# Uncomment the next line for simple clickjacking protection:
# 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
答案 0 :(得分:0)
您是否尝试过使用RequestContext而不是params.update(csrf(request))? 像:
params = {'id ': offset,
'userName' : request.session['user'],
'surname' : fields[0].surname,
'listModel': listModel,
'model': modelView,
'bodyLoadModels': loadModels
}
ctx = RequestContext(request, params)
return render_to_response('editModel.html', context_instance=ctx)